The question we hear most from CIS practitioners is whether Tax Radar duplicates the verification their clients already do at filing. The short answer is no. The longer answer is more interesting, because it explains why the new regime requires both.
HMRC’s CIS verification process is the foundation of CIS compliance. It is also limited by design. It was built to answer one specific question: what deduction rate should be applied to this subcontractor at the point of payment? It answers that question well. It does not, and was never built to, answer the broader questions about who the subcontractor is, whether they are commercially viable, whether they are operating legitimately, or whether the rates being paid are consistent with a real engagement.
Finance Act 2025-26 has now made answering those broader questions a regulatory requirement, not a commercial choice. The “knew or should have known” standard introduced by sections 62A and 62B holds principal contractors liable for fraud committed elsewhere in their supply chain if a reasonable contractor would have spotted the warning signs. The signs the legislation expects contractors to spot are not in the CIS verification API. They are in Companies House, in VAT records, in site-level evidence, and in rate benchmarking data.
This article walks through what HMRC CIS verification covers, what it does not cover, and why both processes are now needed.
For the broader strategic context, see Why HMRC’s Fraud Investigation Service Is Targeting Construction. For the case law that gave us the “knew or should have known” standard, see The Kittel Countdown.
HMRC’s CIS verification process is documented in CIS340, the published guide for contractors and subcontractors. The mechanics are straightforward.
At the point of engaging a new subcontractor, the contractor must verify them with HMRC. The contractor submits the subcontractor’s name, Unique Taxpayer Reference (UTR), and either their National Insurance number (for sole traders) or Companies House registration number (for limited companies). HMRC’s CIS API matches these details against its records and returns one of three deduction rates: 0% (Gross Payment Status), 20% (standard registered subcontractor), or 30% (unverified or unregistered subcontractor).
HMRC also returns a Verification Reference, historically called a V-number, which the contractor must record. This number is evidence the verification was performed, against the data HMRC held at that moment.
The process is automated, fast, and reliable. A typical verification completes in under a second. Practitioners who file CIS returns through commercial software have this happening in the background every month. Tax Radar uses the same API; we are HMRC CIS Internet Recognised (Vendor ID 9328), which is the formal accreditation HMRC issues for direct API integration.
That is everything CIS verification does. It confirms the subcontractor is registered for CIS, returns the correct deduction rate, and produces an audit reference. It is necessary. It is not, on its own, sufficient under the new regime.
The table below summarises the position. The check column lists categories of due diligence relevant under Finance Act 2025-26. The middle column shows what HMRC CIS verification covers. The right column shows what Tax Radar’s CIS Defence platform adds.
| Check | HMRC CIS verification | CIS Defence |
|---|---|---|
| CIS registration and deduction rate | Yes | Yes (same API) |
| Verification Reference recorded | Yes | Yes (same number) |
| Re-verification when subcontractor status changes | At the statutory two-year threshold | Monthly automated re-verification |
| VAT registration status | Not checked | Checked via HMRC VAT API |
| Company filing history and phoenixism | Not checked | Continuous Companies House analysis |
| Director history and disqualifications | Not checked | Continuous Insolvency Service and Companies House analysis |
| Labour rate benchmarking | Not checked | NMW, CIJC, JIB, and ONS ASHE comparison |
| Physical site verification | Not checked | Boots on the Ground site visits |
| Employment status indicators | Not supported | Indirect evidence via benchmarking and BOTG |
Each row is unpacked in the detail that follows. The categories are not theoretical. Each one maps to a specific risk indicator HMRC’s Fraud Investigation Service uses when building “knew or should have known” cases. None of them is covered by standard CIS verification.
A subcontractor who is not VAT-registered when they should be, or whose VAT number is invalid, is exhibiting one of the clearest fraud indicators HMRC tracks. Missing VAT registration is a hallmark of phoenix structures and disguised employment arrangements.
HMRC’s CIS verification API does not check VAT. The two systems are operationally separate. A subcontractor can have a valid CIS registration and an invalid or missing VAT registration simultaneously, and CIS verification will not flag it.
Tax Radar checks VAT registration through HMRC’s separate VAT API at every screening, flagging unregistered subcontractors and invalid VAT numbers. The check is live across all customer accounts.
Phoenixism, the deliberate dissolution and re-incorporation of companies to escape tax liabilities, is the single most common pattern HMRC’s investigators look for in CIS fraud cases. The signal sits in Companies House data: director histories, dissolved companies, disqualifications, prior trading at the same address.
HMRC’s CIS verification does not look at any of this. It is concerned only with current CIS registration status.
Tax Radar maintains a continuous link to Companies House and runs forensic checks across the subcontractor’s directors, the company’s filing history, and any flags raised by the Insolvency Service. A subcontractor whose directors have a history of dissolved companies surfaces in the platform’s risk model. None of that surfaces in standard CIS verification.
HMRC’s Fraud Investigation Service treats uncommercial labour rates as evidence of fraud. A subcontractor offering rates significantly below market is either underpaying their workers (which carries its own enforcement risk under the National Minimum Wage rules), or the engagement is not commercially genuine. Both are signals a reasonable contractor would investigate.
CIS verification has no concept of rate. The API does not know whether the subcontractor is being paid £15 an hour or £150 an hour.
Tax Radar benchmarks declared day rates against three reference points: the National Minimum Wage floor, published by gov.uk; industry trade rates published by the Construction Industry Joint Council and the Joint Industry Board; and regional pay data from the ONS Annual Survey of Hours and Earnings. Rates outside the expected range trigger a risk flag with the supporting benchmark data attached.
A subcontractor’s paperwork can be fully compliant while the workforce on site is something entirely different. Identity fraud, labour substitution, and disguised employment all manifest at the physical site level, not in the digital trail.
HMRC’s CIS verification is entirely digital. It has no concept of who is actually working.
Tax Radar’s Boots on the Ground checks record headcount, branding, PPE, and CSCS card compliance through site visits. The data feeds back into the platform and forms part of the audit trail. This is the only operational check available that bridges the paperwork-to-site gap, and it is increasingly relevant to defending a “knew or should have known” challenge in front of HMRC.
Every contractor filing a CIS300 monthly return declares, in effect, that the subcontractors listed are genuinely self-employed. There is no verification process supporting that declaration. The contractor self-certifies.
The contractor is exposed if they are wrong. HMRC’s enforcement of employment status in construction has been gathering pace, with Tier 1 contractors facing significant adjustments where workers were treated as self-employed but were operationally indistinguishable from employees.
Tax Radar does not perform employment status determinations directly. That requires a structured assessment of working arrangements that goes beyond what a software platform can deliver. But the platform’s benchmarking and BOTG outputs provide supporting evidence: rates consistent with employed roles, headcount mismatches between paperwork and site, branding that suggests the subcontractor is operationally indistinguishable from the main contractor. Each is an indicator a reasonable contractor should investigate, and each forms part of the contemporaneous audit trail when they do.
Both processes touch the same Verification Reference. When a practitioner files a monthly CIS return, the V-number appears against each subcontractor. When Tax Radar runs its check, the platform calls the same HMRC API and records the same V-number against its audit trail.
That is the only overlap.
The V-number on the CIS return is a filing artefact. It tells HMRC the contractor verified this subcontractor before paying them. It is backward-looking, captured at the point of payment.
The V-number in the Tax Radar Compliance Passport is a due diligence artefact. It tells HMRC the contractor checked this subcontractor’s status as part of ongoing compliance monitoring. It is forward-looking, captured as part of a continuous evidence trail.
They share a number because they call the same API. They serve different purposes. They sit in different compliance lanes. HMRC does not, and was never designed to, link them.
Finance Act 2025-26 has changed what “complete compliance” means in construction. The filing work that practitioners have always done remains essential. It is the foundation that everything else sits on. The new regime simply requires that the foundation now be paired with a separate evidence trail covering who the contractor engaged and how that decision was justified.
CIS Defence builds that evidence trail. It does not replace the filing process; it sits alongside it, in a different compliance lane.
The reframe that helps most when this comes up in practice: the monthly CIS return is about the money. The Tax Radar Compliance Passport is about the counterparty. The new regime has created liability around the counterparty that the money-focused process was never designed to cover. A contractor with perfect monthly filings who engaged a fraudulent labour provider is exposed. The filing is correct. The exposure comes from somewhere else.
For practitioners, the practical position is that CIS Defence does not duplicate filing work and does not need to integrate with it. The two systems are complementary by design, in the same way that fire safety certification and buildings insurance are complementary: both relate to the same building, both matter, neither needs to know about the other.
The most useful conversation we have with a practitioner is not the one where we explain what CIS Defence adds. It is the one where we run your client’s actual supply chain through CIS Defence and show, against each material subcontractor, what comes back.